diff --git a/src/Skobkin/Bundle/PointToolsBundle/DataFixtures/ORM/LoadPostData.php b/src/Skobkin/Bundle/PointToolsBundle/DataFixtures/ORM/LoadPostData.php
index 55b624c..c7a82ac 100644
--- a/src/Skobkin/Bundle/PointToolsBundle/DataFixtures/ORM/LoadPostData.php
+++ b/src/Skobkin/Bundle/PointToolsBundle/DataFixtures/ORM/LoadPostData.php
@@ -8,6 +8,12 @@ use Skobkin\Bundle\PointToolsBundle\Entity\{Blogs\Post, User};
 
 class LoadPostData extends AbstractFixture implements OrderedFixtureInterface
 {
+    public const POST_ID_LONG = 'longpost';
+    public const POST_ID_SHORT = 'shortpost';
+    public const POST_ID_PR_USER = 'prusrpst';
+    public const POST_ID_WL_USER = 'wlusrpst';
+    public const POST_ID_PR_WL_USER = 'prwlusrpst';
+
     public function load(ObjectManager $om)
     {
         /** @var User $mainUser */
@@ -19,31 +25,31 @@ class LoadPostData extends AbstractFixture implements OrderedFixtureInterface
         /** @var User $prWlUser */
         $prWlUser = $this->getReference('test_user_'.LoadUserData::USER_PRWL_ID);
 
-        $longPost = (new Post('longpost', $mainUser, new \DateTime(), Post::TYPE_POST))
+        $longPost = (new Post(self::POST_ID_LONG, $mainUser, new \DateTime(), Post::TYPE_POST))
             ->setText('Test post with many comments')
             ->setPrivate(false)
             ->setDeleted(false)
         ;
 
-        $shortPost = (new Post('shortpost', $mainUser, new \DateTime(), Post::TYPE_POST))
+        $shortPost = (new Post(self::POST_ID_SHORT, $mainUser, new \DateTime(), Post::TYPE_POST))
             ->setText('Test short post')
             ->setPrivate(false)
             ->setDeleted(false)
         ;
 
-        $privateUserPost = (new Post('prusrpst', $privateUser, new \DateTime(), Post::TYPE_POST))
+        $privateUserPost = (new Post(self::POST_ID_PR_USER, $privateUser, new \DateTime(), Post::TYPE_POST))
             ->setText('Post from private user. Should not be visible in the public feed.')
             ->setPrivate(false)
             ->setDeleted(false)
         ;
 
-        $wlUserPost = (new Post('wlusrpst', $wlUser, new \DateTime(), Post::TYPE_POST))
+        $wlUserPost = (new Post(self::POST_ID_WL_USER, $wlUser, new \DateTime(), Post::TYPE_POST))
             ->setText('Post from whitelist-only user. Should only be visible for whitelisted users.')
             ->setPrivate(false)
             ->setDeleted(false)
         ;
 
-        $privateWlUserPost = (new Post('prwlusrpst', $prWlUser, new \DateTime(), Post::TYPE_POST))
+        $privateWlUserPost = (new Post(self::POST_ID_PR_WL_USER, $prWlUser, new \DateTime(), Post::TYPE_POST))
             ->setText('Post from private AND whitelist-only user. Should not be visible in the public feed.')
             ->setPrivate(false)
             ->setDeleted(false)
diff --git a/tests/Skobkin/PointToolsBundle/Controller/PostControllerTest.php b/tests/Skobkin/PointToolsBundle/Controller/PostControllerTest.php
index d2d6a0b..1f2a4fe 100644
--- a/tests/Skobkin/PointToolsBundle/Controller/PostControllerTest.php
+++ b/tests/Skobkin/PointToolsBundle/Controller/PostControllerTest.php
@@ -2,15 +2,15 @@
 
 namespace Tests\Skobkin\PointToolsBundle\Controller;
 
-use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Skobkin\Bundle\PointToolsBundle\DataFixtures\ORM\LoadPostData;
+use Symfony\Bundle\FrameworkBundle\{Client, Test\WebTestCase};
 use Symfony\Component\DomCrawler\Crawler;
 
 class PostControllerTest extends WebTestCase
 {
     public function testNonExistingPostPage()
     {
-        $client = static::createClient();
-        $client->request('GET', '/nonexistingpost');
+        $client = $this->createClientForPostId('nonexistingpost');
 
         $this->assertTrue($client->getResponse()->isNotFound(), '404 response code for non-existing post');
     }
@@ -20,12 +20,11 @@ class PostControllerTest extends WebTestCase
      */
     public function testShortPostPageIsOk()
     {
-        $client = static::createClient();
-        $crawler = $client->request('GET', '/shortpost');
+        $client = $this->createClientForPostId(LoadPostData::POST_ID_SHORT);
 
         $this->assertTrue($client->getResponse()->isOk(), '200 response code for existing post');
 
-        return $crawler;
+        return $client->getCrawler();
     }
 
     /**
@@ -58,4 +57,33 @@ class PostControllerTest extends WebTestCase
         $this->assertEquals(1, $p->count(), '.post-text has zero or more than one paragraphs');
         $this->assertEquals('Test short post', $p->text(), '.post-text has no correct post text');
     }
+
+    public function testPrivateUserPostForbidden()
+    {
+        $client = $this->createClientForPostId(LoadPostData::POST_ID_PR_USER);
+
+        $this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private user\'s post');
+    }
+
+    public function testWhitelistOnlyUserPostForbidden()
+    {
+        $client = $this->createClientForPostId(LoadPostData::POST_ID_WL_USER);
+
+        $this->assertTrue($client->getResponse()->isForbidden(), '403 response code for whitelist-only user\'s post');
+    }
+
+    public function testPrivateWhitelistOnlyUserPostForbidden()
+    {
+        $client = $this->createClientForPostId(LoadPostData::POST_ID_PR_WL_USER);
+
+        $this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private whitelist-only user\'s post');
+    }
+
+    private function createClientForPostId(string $id): Client
+    {
+        $client = static::createClient();
+        $client->request('GET', '/'.$id);
+
+        return $client;
+    }
 }